Documentation

22. Working with Webhooks

A Webhook provides the ability to execute specified commands between apps over the web. Ansible Tower currently provides webhook integration with GitHub and GitLab. This section describes the procedure for setting up a webhook in Tower through their respective services.

22.1. GitHub webhook setup

To set up webhooks for GitHub, you may optionally want to give Tower the ability to post statuses back when you run jobs based on a webhook coming in. If you determine you do not want Tower to post job statuses back to the webhook service, skip steps 1-2, and go directly to step 3.

  1. Optionally generate a personal access token (PAT) for use with Tower.

    1. In the profile settings of your GitHub account, click Settings.

    2. Below the Personal settings, click Developer Settings.

      _images/webhooks-create-webhook-github-settings.png
    3. In the Developer settings, click Personal access tokens.

    4. From the Personal access tokens screen, click Generate new token.

    5. When prompted, enter your GitHub account password to continue.

    6. In the Note field, enter a brief description about what this PAT will be used for.

    7. In the Scope fields, Tower automation webhook only needs repo scope access, with the exception of invites. For information about other scopes, click the link right above the table to access the docs.

    _images/webhooks-create-webhook-github-scope.png
    1. Click the Generate Token button.

    2. Once the token is generated, make sure you copy the PAT, as it will be used by Tower in a later step. You will not be able to access this token again in GitHub.

  2. Use the PAT to optionally create a GitHub credential in Tower:

    1. Go to your Tower instance, and create a new credential for the GitHub PAT using the above generated token.

    2. Make note of the name of this credential, as it will be used in the job template that posts back to GitHub.

    _images/webhooks-create-credential-github-PAT-token.png
    1. Go to the job template with which you want to enable webhooks, and select the webhook service and credential you created in the previous step.

    _images/webhooks-job-template-gh-webhook-credential.png

    1. Click Save. Now your job template is set up to be able to post back to GitHub. An example of one may look like this:

    _images/webhooks-tower-to-github-status.png
  1. Go to a specific GitHub repo you want to configure webhooks and click Settings.

_images/webhooks-github-repo-settings.png
  1. Under Options, click Webhooks.

_images/webhooks-github-repo-settings-options.png
  1. On the Webhooks page, click Add webhook.

  2. To complete the Add Webhook page, you need to enable webhooks in a job template in Tower (or in a workflow job template), which will provide you with the following information:

    1. Copy the contents of the Webhook URL from the Tower job template, and paste it in the Payload URL field. GitHub uses this address to send results to.

    2. Set the Content type to application/json.

    3. Copy the contents of the Webhook Key from the Tower job template above and paste it in the Secret field.

    4. Leave Enable SSL verification selected.

    5. Next, you can select the types of events you want to trigger a webhook.

    6. Leave Active checked and click Add Webhook.

_images/webhooks-github-repo-add-webhook.png
  1. After your webhook is configured, it displays in the list of webhooks active for your repo, along with the ability to edit or delete it. Click on a webhook, and it brings you to the Manage webhook screen. Scroll to the very bottom of the screen to view all the delivery attempts made to your webhook and whether they succeeded or failed.

_images/webhooks-github-repo-webhooks-deliveries.png

For more information, refer to the GitHub Webhooks developer documentation.

22.2. GitLab webhook setup

To set up webhooks for GitLab, you may optionally want to give Tower the ability to post statuses back when you run jobs based on a webhook coming in. If you determine you do not want Tower to post job statuses back to the webhook service, skip steps 1-2, and go directly to step 3.

  1. Optionally, generate a personal access token (PAT) for use with Tower. This token gives Tower the ability to post statuses back when we run jobs based on a webhook coming in.

    1. In the profile settings of your GitLab account, click Settings.

    2. On the sidebar, under User Settings, click Access Tokens.

      _images/webhooks-create-webhook-gitlab-settings.png
    3. In the Name field, enter a brief description about what this PAT will be used for.

    4. Skip the Expires at field unless you want to set an expiration date for your webhook.

    5. In the Scopes fields, select the ones applicable to your integration. For Tower, API is the only selection necessary.

    _images/webhooks-create-webhook-gitlab-scope.png
    1. Click the Create personal access token button.

    2. Once the token is generated, make sure you copy the PAT, as it will be used by Tower in a later step. You will not be able to access this token again in GitLab.

  2. Use the PAT to optionally create a GitLab credential in Tower:

    1. Go to your Tower instance, and create a new credential for the GitLab PAT using the above generated token.

    2. Make note of the name of this credential, as it will be used in the job template that posts back to GitHub.

    _images/webhooks-create-credential-gitlab-PAT-token.png
    1. Go to the job template with which you want to enable webhooks, and select the webhook service and credential you created in the previous step.

    _images/webhooks-job-template-gl-webhook-credential.png

    1. Click Save. Now your job template is set up to be able to post back to GitLab. An example of one may look like this:

    _images/webhooks-tower-to-gitlab-status.png
  1. Go to a specific GitLab repo you want to configure webhooks and click Settings > Integrations.

_images/webhooks-gitlab-repo-settings.png
  1. To complete the Integrations page, you need to enable webhooks in a job template in Tower (or in a workflow job template), which will provide you with the following information:

    1. Copy the contents of the Webhook URL from the Tower job template above, and paste it in the URL field. GitLab uses this address to send results to.

    2. Copy the contents of the Webhook Key from the Tower job template above and paste it in the Secret Token field.

    3. In the Trigger section, select the types of events you want to trigger a webhook.

    4. Leave Enable SSL verification selected.

    5. Click Add webhook.

_images/webhooks-gitlab-repo-add-webhook.png
  1. After your webhook is configured, it displays in the list of Project Webhooks for your repo, along with the ability to test events, edit or delete it. Test a webhook event, and it displays the results at the top of the page whether it succeeded or failed.

For more information, refer to the GitLab webhooks integrations documentation.

22.3. Payload output

The entire payload is exposed as an extra variable from Tower. To view the payload information, go to the Jobs Detail view of the job template that ran with the webhook enabled. In the Extra Variables field of the Details pane, view the payload output from the tower_webhook_payload variable, as shown in the example below.

_images/webhooks-jobs-extra-vars-payload.png _images/webhooks-jobs-extra-vars-payload-expanded.png